23 matches found
CVE-2026-4623
CVE-2026-4623 affects DefaultFuction Jeson-Customer-Relationship-Management-System up to build 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. The vulnerability resides in the API Module, specifically the file /api/System.php, where manipulation of the url argument enables server-side request forgery (...
PT-2026-27304
Name of the Vulnerable Software and Affected Versions: DefaultFuction Jeson-Customer-Relationship-Management-System, affected versions not specified. Description: A security issue has been identified in the API Module component of DefaultFuction Jeson-Customer-Relationship-Management-System...
PT-2026-27196
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POST request data zipPath of tiki-admin system.php in Tiki version 21.2. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or...
CVE-2025-63452
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php...
CVE-2025-61247
indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php...
EUVD-2020-18096
Malware in sbrugna...
EUVD-2024-38437
Malicious code in bioql PyPI...
PT-2025-26294 · Unknown · Phpgurukul Pre-School Enrollment System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Pre-School Enrollment System version 1.0 Description: A critical issue was found in the PHPGurukul Pre-School Enrollment System, affecting an unknown part of the file /enrollment.php. The manipulation of the fathername argument lea...
CVE-2024-25868
A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the addtype.php component...
CVE-2023-36118
Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter...
CVE-2023-30106
Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about...
CVE-2022-43146
An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2025-29015
Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pagesaccount.php...
PT-2024-36530 · Unknown · 1000Projects Bookstore Management System Php Mysql Project
Name of the Vulnerable Software and Affected Versions: 1000projects Bookstore Management System PHP MySQL Project version 1.0 Description: A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project. This issue affects some unknown functionality of the "add...
CVE-2019-25024
OpenRepeater ORP before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajaxsystem.php postservice parameter...
[SECURITY] Fedora 33 Update: drupal7-7.72-1.fc33
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...
College-Management-System-Php 1.0 - SQL Injection
College-Management-System-Php version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: College-Management-System-Php 1.0 - Authentication Bypass / SQL Injection Exploit Author: BLAY ABU SAFIAN Inveteck Global Website:...
College-Management-System-Php 1.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: College-Management-System-Php 1.0 - Authentication Bypass / SQL Injection Exploit Author: BLAY ABU SAFIAN Inveteck Global Website: https://github.com/olotieno/College-Management-System-Php Vendor: https://github.com/olotieno/...
Joomla Object Injection
Added: 10/24/2019. Background: Joomla is a content management system written in PHP. Problem: An object injection vulnerability in Joomla could allow a remote, unauthenticated attacker to execute arbitrary commands on the server. This vulnerability has been nicknamed "Rusty Joomla". Resolution: Upgra...
YUNUCMS cross-site scripting vulnerability (CNVD-2019-00565)
YUNUCMS is an open source content management system (CMS) for building enterprise websites, developed by China's Yunyou YUNU network technology company. The app/admin/controller/System.php file in YUNUCMS version 1.1.8 contains a cross-site scripting vulnerability; a remote attacker can write to the sys.php fi...